LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Jakub Kicinski <jakub.kicinski@netronome.com>,
	Quentin Monnet <quentin.monnet@netronome.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Network Development <netdev@vger.kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: Re: nfp: bpf: perf event output helpers support
Date: Wed, 6 Jun 2018 22:15:04 -0700	[thread overview]
Message-ID: <CAGXu5jJq774LZY1xUCKxG3Z4MkJ_JBJP7veB5gUCy4meb_PtSA@mail.gmail.com> (raw)

>     nfp: bpf: perf event output helpers support
>
>     Add support for the perf_event_output family of helpers.
>
>     The implementation on the NFP will not match the host code exactly.
>     The state of the host map and rings is unknown to the device, hence
>     device can't return errors when rings are not installed.  The device
>     simply packs the data into a firmware notification message and sends
>     it over to the host, returning success to the program.
>
>     There is no notion of a host CPU on the device when packets are being
>     processed.  Device will only offload programs which set BPF_F_CURRENT_CPU.
>     Still, if map index doesn't match CPU no error will be returned (see
>     above).
>
>     Dropped/lost firmware notification messages will not cause "lost
>     events" event on the perf ring, they are only visible via device
>     error counters.
>
>     Firmware notification messages may also get reordered in respect
>     to the packets which caused their generation.
>
>     Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>     Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
>     Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>
> diff --git a/drivers/net/ethernet/netronome/nfp/bpf/offload.c b/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> index e3ead906cc60..4db0ac1e42a8 100644
> --- a/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> +++ b/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> @@ -441,6 +441,53 @@ int nfp_ndo_bpf(struct nfp_app *app, struct nfp_net *nn, struct netdev_bpf *bpf)
>         }
>  }
>
> +static unsigned long
> +nfp_bpf_perf_event_copy(void *dst, const void *src,
> +                       unsigned long off, unsigned long len)
> +{
> +       memcpy(dst, src + off, len);
> +       return 0;
> +}
> +
> +int nfp_bpf_event_output(struct nfp_app_bpf *bpf, struct sk_buff *skb)
> +{
> +       struct cmsg_bpf_event *cbe = (void *)skb->data;
> +       u32 pkt_size, data_size;
> +       struct bpf_map *map;
> +
> +       if (skb->len < sizeof(struct cmsg_bpf_event))
> +               goto err_drop;
> +
> +       pkt_size = be32_to_cpu(cbe->pkt_size);
> +       data_size = be32_to_cpu(cbe->data_size);
> +       map = (void *)(unsigned long)be64_to_cpu(cbe->map_ptr);
> +
> +       if (skb->len < sizeof(struct cmsg_bpf_event) + pkt_size + data_size)
> +               goto err_drop;
> +       if (cbe->hdr.ver != CMSG_MAP_ABI_VERSION)
> +               goto err_drop;
> +
> +       rcu_read_lock();
> +       if (!rhashtable_lookup_fast(&bpf->maps_neutral, &map,
> +                                   nfp_bpf_maps_neutral_params)) {
> +               rcu_read_unlock();
> +               pr_warn("perf event: dest map pointer %px not recognized, dropping event\n",
> +                       map);

Please don't use %px on kernel pointers unless you absolutely have
to[1]. It seems like this value wouldn't be actionable here, so likely
it's best to just remove its use entirely.

-Kees

[1] https://www.spinics.net/lists/kernel/msg2671068.html

-- 
Kees Cook
Pixel Security

             reply	other threads:[~2018-06-07  5:15 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-07  5:15 Kees Cook [this message]
2018-06-07 16:33 ` Jakub Kicinski
2018-06-07 19:13   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGXu5jJq774LZY1xUCKxG3Z4MkJ_JBJP7veB5gUCy4meb_PtSA@mail.gmail.com \
    --to=keescook@chromium.org \
    --cc=daniel@iogearbox.net \
    --cc=jakub.kicinski@netronome.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=quentin.monnet@netronome.com \
    --subject='Re: nfp: bpf: perf event output helpers support' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).